Pentagon Pauses CMMC Phase 2 to Reassess Costs and Contractor Capacity

1 min read
Source: DefenseScoop
Pentagon Pauses CMMC Phase 2 to Reassess Costs and Contractor Capacity
Photo: DefenseScoop
TL;DR Summary

The Pentagon has frozen the planned Phase 2 rollout of the Cybersecurity Maturity Model Certification (CMMC), forming a cross‑department Reform Task Force and issuing an RFI to gather feedback as it reviews the program. The halt aims to prevent driving many small and mid‑sized defense vendors out of the defense industrial base, citing costs (SBA data suggesting potential multi‑billion‑dollar annual expenses) and a shortage of assessors (roughly 100 for more than 100,000 DIB companies). Until the review concludes (within about 60 days), enforcement will rely on self‑assessments under NIST 800‑171, with the possibility of further changes, including potential cancellation of CMMC after the pause.

Share this article

Reading Insights

Total Reads

0

Unique Readers

0

Time Saved

6 min

vs 7 min read

Condensed

92%

1,234104 words

Want the full story? Read the original article

Read on DefenseScoop